Really starts getting into splitting hairs at that point though. If someone says a "one way encryption function" (which I've heard many a security professional use exactly those words in context) everyone knows they mean hash functions. You could argue the literal definition, but encryption is for all intents and purposes the applied ideas of cryptography. Then again this is slashdot, nearly everyone splits hairs about everything...

If we are getting into the technical definition, bit length, key length, etc. doesn't really pertain to something being encryption or not. By definition a Vigenère or Caesar cipher are considered encryption methods (and Caesar doesn't even use a key) but those are very primitive versions of encryption. If I remember correctly yes, you can still have collisions on something like your example depending on the method used (been a while since I did any of that, so I am a bit rusty). MD5 has lots of known

The definition for decrypting something is hazy at best as technically using a dictionary attack against a hash function both "decrypts" it and is loss-less assuming you have any related salts etc (this includes even things like SHA2 because with enough time/resources, admittedly ludicrous amounts, it can be "decrypted" or "de-hashed").

Speaking theoretically it should really be acceptable to say "one-way encryption method" although, as of course everyone was undoubtedly going to point out when I said that,

A hash function is just a mapping of data of an arbitrary length to data of a fixed length. The function could be guaranteed to map all strings below the output length to guaranteed-unique values, or there could be hash collisions. It depends on how the function is defined. Hash functions that are cryptographically useful don't have easy ways to find collisions, but there are an infinite number of not-useful functions that are still technically hashes.

While theoretically true, rainbow tables strongly disagree :). That is probably the main reason that definition isn't exactly right. I think the general definition is actually something encoded so that only allowed persons can read it. It really isn't much of (if at all to most people in the field) a misuse of the term encryption to use it in context to hash functions as long as you qualify that it is a one way encryption method.

You say this as a joke but where I work that's exactly what we use it for. We use it to index and catalog larger records. It's much easier to check whether a md5sum is unique than to check if an entire record is unique. We obviously can't reverse it but it is easy to recompute it on a new record to see if it's already in the database. There is the small chance of collision but as a non-malicious md5sum collision has a lower priority than a life destroying asteroid collision, it's good enough for our purposes

We use (I believe) SHA-256 for a similar purpose, and with similar justifications. A few billion (or even trillion) records? No problem. It's difficult to comprehend how little of the hashspace we've covered.

The traditional use of checksum is to verify that a large file or other bits of data are not corrupt. Using it to compress, index, or deduplicate large files kind of like a "rainbow table" is not usually what checksums are used for. For one thing it partially goes against what a checksum is designed for. A checksum is designed to change even on a very minor change so unless you have very structured data it's very hard to use a checksum to verify if a record already exists.

I think LiveDrive uses(ed) hash functions in order to reduce their data storage footprint. There are stories of whole ISOs showing as uploaded in seconds because they hash check before uploading. Makes perfect sense for cloud storage.
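An added example, not part of any comment in this thread: a minimal digest-keyed deduplication index of the kind the posts above describe, which byte-compares on a digest match so a collision is never mistaken for a duplicate. The names `DedupIndex`, `sha256_hex` and `weak_checksum` are hypothetical, and the weak checksum exists only to force a collision for the demonstration.

```python
import hashlib


def sha256_hex(record: bytes) -> str:
    """Cryptographic digest used as the index key."""
    return hashlib.sha256(record).hexdigest()


def weak_checksum(record: bytes) -> str:
    """Deliberately weak 8-bit checksum (constructed for this demo only)."""
    return format(sum(record) % 256, "02x")


class DedupIndex:
    """Maps digest -> stored records so exact duplicates are found in O(1)."""

    def __init__(self, hash_fn=sha256_hex):
        self.hash_fn = hash_fn
        self._buckets = {}  # digest string -> list of records with that digest

    def add(self, record: bytes) -> str:
        """Store the record and return 'new', 'duplicate' or 'collision'."""
        bucket = self._buckets.setdefault(self.hash_fn(record), [])
        if not bucket:
            bucket.append(record)
            return "new"
        # Digest already seen: compare bytes before declaring a duplicate.
        if record in bucket:
            return "duplicate"
        bucket.append(record)  # same digest, different content
        return "collision"


def demo():
    """Run constructed sample records through both hash functions."""
    strong = DedupIndex()
    weak = DedupIndex(weak_checksum)
    return [
        strong.add(b"customer=42;total=19.99"),   # first sighting
        strong.add(b"customer=42;total=19.99"),   # exact duplicate
        strong.add(b"customer=42;total=19.98"),   # one byte differs: new digest
        weak.add(b"ab"),
        weak.add(b"ba"),                          # same byte sum as b"ab"
    ]


if __name__ == "__main__":
    print(demo())
```

The third result shows the limitation raised in the thread: a one-byte change produces an unrelated digest, so this index only finds exact duplicates, not near-duplicates.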

You log into a site. The little lock icon (or whatever) says you're good, so most people won't give it a second thought. If I check in Firefox, I see "Verified by: [My Employer]". If I deploy a machine and don't put my employer's root CA cert on it, I get stopped *constantly* by the browser complaining about a man-in-the-middle attack. If I really need to do something personal while at work, I sometimes bring in my laptop and tether it to my phone. It makes me envious of Europe's employee rights laws.

The company adds itself as a "known ca" on the equipment that it provides to its employees. Compromise the list of valid certification roots, and you've got carte blanche, in terms of network (in)security.

I know they can crack my VPN connection if they want to, but it costs them time and money. No more real-time surveillance capability, big disincentive to casually snoop on me. Encryption doesn't always have to be perfect, adding cost is well worth doing in this case.

Email is a postcard. Anyone can read it as it passes by. Encryption is pointless. All encryption can or will be broken. By encrypting you merely flag yourself. A conspiracy of more than one person will be found out.

Encryption is not about making it impossible to decode (in some cases, hash functions actually do try to do that), it is more about making it not worth the effort or making the effort so high that once you DO decrypt it the information isn't really that useful.

It is kind of like trying to hunt through a haystack for a few small items only you have to jump through 200 proverbial hoops before you even get to look for one single item that may require four other items in different haystacks before it means

Nothing is 100%. However, security to keep the majority of the attacks is useful.

One can say that because some people can pick the lock on a front door, then locks are not needed. However, locks often do work and up the ante for someone getting in.

I have a habit of encrypting whenever possible. This way, should something happen like my Android tablet get stolen, a USB flash drive used for backups gets nicked, or cloud storage broken into and files snarfed, the damage done is mitigated.

That depends. Is your checking account adequately secured if I write down a random number and it happens to be your account number?

Many encryption schemes will outlast the data integrity and greatly outlast the universe. A {2,3} quorum of Rivest, Shamir, and Adleman can attest to this. Someone may guess, but not by repeatable effort; they'll guess by dartboard.

Because there was no joke. He was being genuinely stupid, by unironically suggesting that "they" could have found Flight 370 with their magical cellphone detectors but have chosen not to.

The next funny bit is, you're talking to me in the third person, letting me know that my joke was not a joke, and talking about how non-tech-savvy I am, despite the fact that I've been programming computers since I was 7 years old, have worked on some incredibly significant technology in my career and have been known to build 3D printers with hand tools in my living room for fun :D

Many of the web sites I use (even youtube) are using https - and are encrypted. But slashdot.org isn't, arstechnica.com isn't (at least by default). So it came to 40% to 60% for me based on the sites I use.

Nope. Sometimes personal browser history would look bad for a job, when searching for other jobs and such, but unless someone is planning on taking my browser history out of context, it would be a reasonable reflection of "normal" browsing.

And, taken out of context, my searches for Barrett rifles, with some others, could be constructed to look like someone trying to go postal. But often at work, any discussions of military or firearms end up using me as a reference. The last time I searched for it, I was using it as an example of barrel venting, and yes, I put up those images at work.

So if I were to have witnesses to explain away any such oddities, I'd have nothing to fear. And there's no reason for anyone to target me for special interes

Imagine your full browsing history, for example. I bet there are a lot of things that you would not like others to see.

I delete it regularly anyway so that would not be a major concern for me. So I watch porn, visit Arrse (an unofficial British military forum), browse wikipedia, come on slashdot aaaand that covers what, 3/4 of my browsing? Nothing too concerning there.

Well, technically, it encrypts things, but without being able to DEcrypt them, it's not very useful.

1a57290facd5dcf9308d343988230b85 could be the result of "echo a | md5", "md5 ~/Desktop/War_and_Peace.txt"... or both... or something else entirely... or any number of other things. If you figure out what it is, tell these guys. [md5this.com]

I use https most of the time, but how does it count to access e-mail, when the e-mail service is provided by a third party so they have access to all my communications?

In the end, there's always a third party involved that may not care about the secrecy of my communications, so end-to-end encrypted, is probably none. I connect to my work computers using VPN but then again, my employer probably has access to what I'm typing and doing.

Does having partially encrypted communications help? Perhaps. Perhaps, so that Comcast/Verizon/T-Mobile or other carriers cannot steal the ad business from Google, Amazon, etc.

First what do you mean by encrypted? I mean you'll find that a lot of stuff is encrypted at some point. Wifi is a good example. However so is a cable modem. Any DOCSIS connection is encrypted, 3.0 ones using AES. Of course the encryption is only to the CMTS, it is to keep your neighbours from sniffing in on your traffic, it has to get decrypted for the ISP.

Also something like a VPN is nearly end-to-end, but only if you then stay on the network it attaches to. Many people use a VPN, but then will go out to o

For stuff that matters, e.g. financial/personal data, email, etc., it's 100%, but I've noticed more and more sites are using SSL/TLS by default, even for stuff that really doesn't matter whether it is encrypted or not from a security point of view, so it's purely for user privacy. That's a good start and such efforts are to be applauded, and while I don't specifically track that kind of usage the fact that even Lolcats videos are now often encrypted while in transit the overall percentage of encryption use

Historically, the vast majority of ad networks have offered only HTTP. This means ad-supported sites have had to redirect HTTPS to HTTP in order to serve ads without mixed content blocking. This is why HTTPS on Slashdot is for subscribers only.

I used to be closer to 60% (only unencrypted things would be torrents and Steam downloads), but a few weeks ago HTTPS Everywhere broke. So now I'm probably around 30% - the HTTPS-always sites, plus SSH and VPN tunnels.

I 2N-ROT13 all of my communications, with N being a random number generated from careful measurements of uranium decay. It's a bit expensive, the neighbors don't really like how the local wildlife is growing additional appendages, and it's really slow when you're unlucky with your uranium, but at least I can feel safe in the thought that I have the ultimate entropy generator that money can buy. I really feel like the encrypted bits have a nice sheen to them, like a luxury car. It's great!

If you mean things like Email, the answer is "none" - simply because Email-encryption remains too difficult for people to set up and use, so no one does.

If you include browsing, well, since Snowden, the websites I run are https-only. Unfortunately, most sites haven't taken this step - and anyway, it only helps if you also block the trackers and take other privacy measures.

At home, I don't bother because I've had people go bananas thinking the picture of a ribbon in Outlook was some type of malware. Some private E-mail gets sent via PGP, but oftentimes, it tends to be a keyfile attachment, and a TrueCrypt container with the actual TC volume stashed on a bulk download site like MediaFire.

I prefer PGP over S/MIME because once keys are exchanged and used for previous transactions, it is obvious that someone is impersonating t

Percentage of online communication.. by number of bits: torrents dominate, and some HTTP downloads, and these are not encrypted. By my attention, there's more text-based communication, and I'm probably up at 50 %

Hmmmmmm, that is a very good point and I may actually steal this idea. I never thought about doing that to break their crap. I've seen an Adobe crack for CS5.5 that does something similar for the DRM (which is downright hilarious that Adobe's DRM is that bad).

That is part of the challenge of security. One of the major principles is adoption. You have to make the security protocol at least somewhat convenient so that users will actually use it. Think about this, actual good security for lots of my valuables that I use everyday (car keys, computers, electronics in general) would be to have it locked inside a safe when not used that requires probably 2 factor authentication. It would definitely make it very difficult to steal or tamper with it, but why do I and